package com.gljx.web.controller;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.gljx.util.CommonUtil;

@Controller
public class LoginAction {
	
	private  Logger logger = Logger.getLogger(getClass());
	
	// 登陆提交地址，和applicationContext-shiro.xml中配置的loginurl一致
    @RequestMapping("/login.action")
    public String login(HttpServletRequest request) throws Exception {
    	//System.out.println("本次sessionID："+SecurityUtils.getSubject().getSession().getId());
        return "login";
    }
    //这个路径内逻辑一般是已认证用户重新选择用户使用 TODO 暂时废弃
    @RequestMapping("/checkuser.action")
    public String checkuser(HttpServletRequest request,ServletRequest request2,ServletResponse response) throws Exception {
    	String username = request.getParameter("username");  
    	
        String pwd = request.getParameter("password");  
        String host =request.getRemoteAddr();
        String captcha = request.getParameter("captcha");
        boolean rememberMe = Boolean.valueOf(request.getParameter("rememberMe"));
        request.setAttribute("userName", username);
        request.setAttribute("password", pwd);
        //session中的验证码
        String session_captcha = (String) request.getSession().getAttribute(
                com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
        if(pwd == null){
        	request.setAttribute("message", "");
        	return "login";
        }
        //非法字符处理
        if(CommonUtil.isSpecialChar_strict(username,pwd,captcha)){
        	logger.error("#非法字符输入#"+host+"##"+"账号密码校验");
        	new IncorrectCredentialsException();
        }
        //获取用户令牌
        UsernamePasswordToken token = new UsernamePasswordToken(username, pwd.toCharArray(),
        		rememberMe,host);   
        Subject currentUser = SecurityUtils.getSubject();   
        try {
        	//登录认证
        	currentUser.login(token);    
			
		} catch(IncorrectCredentialsException e){//验证码
			logger.info("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"登录失败--"+e);
			request.setAttribute("message", "验证码错误！");
        	return "login";
		} catch (UnknownAccountException e) {//未查找到用户
			request.setAttribute("message", "账号或密码错误！");
			logger.info("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"登录失败--"+e);
        	return "login";
		} catch (Exception e) {
			request.setAttribute("message", "未知错误！请刷新页面重试");
			logger.error("#已认证的二次登陆#"+token.getUsername()+token.getHost()+"##"+"未知错误--",e);
        	return "login";
		}
        //比对  
        if (captcha != null && !captcha.equalsIgnoreCase(session_captcha)) {
        	request.setAttribute("message", "验证码错误！");
        	return "login";
        }
        request.removeAttribute("userName");
        request.removeAttribute("password");
        request.removeAttribute("message");
        logger.info("#已认证的二次登陆#"+token.getUsername()+"登录成功");
        return "ui/glui";
    }
    
}
